Google Chrome Gets Cracked: Researchers Find Browser Bugs

Below:

Next story in Security

Security researchers have reportedly found several new bugs in
Google Chrome that have allowed them to hack into the notoriously
secure Web browser.

Researchers at the French firm VUPEN announced today that they
exploited vulnerabilities to crack into the most recent version
of Chrome 11 running on Windows 7. The hack, VUPEN said, works on
all Windows systems.

In a proof-of-concept demonstration, researchers launched the
Chrome attack by using a specially rigged Web page that, when
visited, enabled the attackers to remotely "execute various
payloads" on the target system.

The researchers used their exploit to trick the computer into
downloading, installing and running a calculator application from
a remote location. VUPEN assured that their innocent manipulation
"can be replaced by any other payload."

Perhaps most impressive, and ultimately alarming to Google, is
that VUPEN's demonstration exploited Chrome's sandbox, a security
feature designed to isolate computer
attacks and prevent them from spreading.

The hack also bypassed the computer's Address Space Layout
Randomization (ASLR) and Data Execution Prevention (DEP), two
security features designed specifically to prevent an
unauthorized application from running arbitrary code.

Since its release, Chrome has been praised for its security and
ease. At a recent security conference, Chrome stood unchallenged
in a
hacking contest despite Google's offer of $20,000 to anyone
who could exploit it.

VUPEN's discovery and successful exploitation of the new Chrome
flaws could potentially cause a shift in the way customers see
the popular Web browser. Coupled with the fact that malware
authors have recently begun devoting more
malicious attention to Chrome, it will be interesting to see
how Google addresses the issue, and whether or not loyal Chrome
users will ultimately flock to new browsers.